RubyGems - naoki - Versions diffs - 1.0.19 → 1.0.20 - Mend

naoki 1.0.19 → 1.0.20

Files changed (10) hide show

data/.gitignore +1 -0
data/.rvmrc +1 -0
data/Rakefile +8 -0
data/lib/naoki/data_secure.rb +170 -0
data/lib/naoki.rb +1 -0
data/naoki.gemspec +1 -1
data/sample.rb +44 -10
data/test/helper.rb +23 -0
data/test/test_data_secure_wrapper.rb +53 -0
metadata +7 -2

data/.gitignore CHANGED Viewed

@@ -5,3 +5,4 @@ Logfile*
 IngrianNAE.properties
 *.gem
 Gemfile.lock
+ManillaLocalCA.crt

data/.rvmrc ADDED Viewed

	@@ -0,0 +1 @@
1	+ rvm --create ruby-1.9.2-p180@naoki

data/Rakefile ADDED Viewed

@@ -0,0 +1,8 @@
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'test'
+  test.pattern = 'test/**/test_*.rb'
+end
+task :default => :test

data/lib/naoki/data_secure.rb ADDED Viewed

@@ -0,0 +1,170 @@
+# Create a DataSecure connection for encrypting/decrypting documents.
+# All operations performed on an instance share the same session/connection.
+# NB: this class is not thread-safe.  Create an instance for each thread.
+module Naoki
+  class DataSecure
+    if `uname -s`.strip !~ /Linux/
+      def self.init(file); end
+      def close; end
+      def encrypt_stream(input, out)
+        out.write("ENC")
+        count = 0
+        while block = input.read(4096)
+          count += block.size
+          out.write(block)
+        end
+        [count, count + 3]
+      end
+      def decrypt_stream(input, out)
+        val = input.read(3)
+        raise ArgumentError, "Invalid encrypted data (#{val})" if val != 'ENC'
+        count = IO.copy_stream(input, out)
+        [count + 3, count]
+      end
+    else
+      require 'ffi'
+      extend FFI::Library
+      LIB_ICAPI_FILE = `uname -m`.match(/x86_64/) ? 'libICAPI_64.so' : 'libICAPI_32.so'
+      ffi_lib File.expand_path(File.join(File.dirname(__FILE__), '..', LIB_ICAPI_FILE))
+      I_T_Init_File = 0
+      I_E_OK = 0
+      I_T_Auth_Password = 0
+      I_T_Operation_Encrypt = 0
+      I_T_Operation_Decrypt = 1
+      attach_function 'I_C_GetErrorString', [:int], :string
+      attach_function 'I_C_Initialize', [:uint8, :string], :int
+      attach_function 'I_C_OpenSession', [:pointer, :uint8, :string, :string], :int
+      attach_function 'I_C_CreateCipherSpec', [:string, :string, :pointer], :int
+      attach_function 'I_C_CalculateEncipheredSizeForKey', [:pointer, :pointer, :uint8, :uint, :pointer], :int
+      attach_function 'I_C_DeleteCipherSpec', [:pointer], :int
+      attach_function 'I_C_Crypt', [:pointer, :pointer, :uint8, :string, :uint, :pointer, :uint, :pointer, :pointer], :int
+      attach_function 'I_C_CalculateOutputSizeForKey', [:pointer, :pointer, :uint8, :int, :pointer], :int
+      attach_function 'I_C_CloseSession', [:pointer], :void
+      # Setting @blocking = true before calling attach_function is the blessed FFI way to tell FFI to release
+      # Ruby's GIL when calling the wrapped C function.  What a wretched hack.
+      @blocking = true
+      attach_function 'I_C_CryptInit', [:pointer, :pointer, :uint8, :pointer, :uint, :pointer], :int
+      @blocking = true
+      attach_function 'I_C_CryptFinal', [:pointer,:pointer,:pointer,:pointer], :int
+      @blocking = true
+      attach_function 'I_C_CryptUpdate', [:pointer, :pointer, :pointer, :uint, :pointer, :pointer], :int
+      DEFAULTS = {
+        :algorithm => 'AES/CBC/PKCS5Padding',
+        :key_name => 'stg-new-test-key',
+        :initialization_vector => '1234567890123456',
+      }
+      MAX_SAFENET_BLOCK_SIZE = 31000
+      MAX_OUTPUT_BLOCK_SIZE = 32000
+      def initialize(key_to_use = :account_number, options={})
+        @options = DEFAULTS.merge(options.symbolize_keys)
+        #check { I_C_Initialize(I_T_Init_File, @options[:properties_file]) }
+        @session_pointer = FFI::MemoryPointer.new :pointer
+        check { I_C_OpenSession(@session_pointer, I_T_Auth_Password, @options[:username], @options[:password]) }
+        @cipherspec_pointer = FFI::MemoryPointer.new :pointer
+        check { I_C_CreateCipherSpec(@options[:algorithm], @options[:keys][key_to_use.to_s], @cipherspec_pointer) }
+      end
+      def self.init(file)
+        check { I_C_Initialize(I_T_Init_File, file) }
+      end
+      def close
+        I_C_CloseSession(@session_pointer.get_pointer(0)) if @session_pointer
+      end
+      def encrypt_stream(input_io, output_io)
+        transform_stream(I_T_Operation_Encrypt, input_io, output_io)
+      end
+      def decrypt_stream(input_io, output_io)
+        transform_stream(I_T_Operation_Decrypt, input_io, output_io)
+      end
+      private
+      def transform_stream(op, input_io, output_io)
+        current_state = FFI::MemoryPointer.new :pointer
+        check do
+          I_C_CryptInit(
+            @session_pointer.get_pointer(0),
+            @cipherspec_pointer.get_pointer(0),
+            op,
+            @options[:initialization_vector],
+            @options[:initialization_vector].length,
+            current_state)
+        end
+        done = false
+        read_size = 0
+        wrote_size = 0
+        output_data = FFI::MemoryPointer.new :pointer, MAX_OUTPUT_BLOCK_SIZE
+        output_data_length_pointer = FFI::MemoryPointer.new :pointer
+        loop do
+          output_data_length_pointer.write_uint(MAX_OUTPUT_BLOCK_SIZE)
+          data = input_io.read(MAX_SAFENET_BLOCK_SIZE)
+          if !data || data.size == 0
+            check do
+              I_C_CryptFinal(
+                @session_pointer.get_pointer(0),
+                current_state.get_pointer(0),
+                output_data,
+                output_data_length_pointer)
+            end
+            done = true
+          elsif data.size <= MAX_SAFENET_BLOCK_SIZE
+            read_size += data.size
+            check do
+              I_C_CryptUpdate(
+                @session_pointer.get_pointer(0),
+                current_state.get_pointer(0),
+                data,
+                data.size,
+                output_data,
+                output_data_length_pointer)
+            end
+          else
+            raise "DataSecure, how did we get here? #{data}"
+          end
+          outsize = output_data_length_pointer.read_uint
+          enc_data = output_data.get_bytes(0, outsize)
+          wrote_size += output_io.write(enc_data)
+          break if done
+        end
+        [read_size, wrote_size]
+      end
+      def check
+        return_code = yield
+        if return_code != I_E_OK
+          I_C_DeleteCipherSpec(@cipherspec_pointer.get_pointer(0)) if @cipherspec_pointer
+          @cipherspec_pointer = nil
+          raise I_C_GetErrorString(return_code)
+        end
+      end
+      def self.check(&block)
+        return_code = yield
+        raise I_C_GetErrorString(return_code) if return_code != I_E_OK
+      end
+    end
+  end
+end

data/lib/naoki.rb CHANGED Viewed

	@@ -1 +1,2 @@
1 1	require 'data_secure_wrapper'
2	+ require 'naoki/data_secure'

data/naoki.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = "naoki"
-  s.version = "1.0.19"
+  s.version = "1.0.20"
   s.platform = Gem::Platform::RUBY
   s.homepage = ""
   s.summary = "C bindings for SafeNet DataSecure ICAPI"

data/sample.rb CHANGED Viewed

@@ -1,21 +1,55 @@
 require File.join(File.dirname(__FILE__), 'lib/data_secure_wrapper')
+require '~/naoki_config'
 properties_file = 'IngrianNAE.properties'
-user_name = ''
-password = ''
-algorithm = ''
-key_name = ''
-initialization_vector = ''
+user_name = SAFENET_CONFIG[:user_name]
+password =  SAFENET_CONFIG[:password]
+algorithm = SAFENET_CONFIG[:algorithm]
+key_name =  SAFENET_CONFIG[:key_name] # versioned key
+initialization_vector = SAFENET_CONFIG[:initialization_vector]
-input_data = 'qwertyuiopasdfghjkl;zxcvbnm,./'
+#input_data = 'qwertyuiopasdfghjkl;zxcvbnm,./'
+input_data = 'hello'
 ###
 DataSecureWrapper.configure(properties_file)
 DataSecureWrapper.open(user_name, password)
-puts "encrypting: '#{input_data}'"
-encrypted_data = DataSecureWrapper.encrypt(algorithm, key_name, initialization_vector, input_data)
-decrypted_data = DataSecureWrapper.decrypt(algorithm, key_name, initialization_vector, encrypted_data)
-puts "decrypted: '#{decrypted_data}'"
+#puts "encrypting: '#{input_data}'"
+#encrypted_data = DataSecureWrapper.encrypt(algorithm, key_name, initialization_vector, input_data)
+#decrypted_data = DataSecureWrapper.decrypt(algorithm, key_name, initialization_vector, encrypted_data)
+#puts "decrypted: '#{decrypted_data}'"
+help = <<EOM
+This console is for testing our interaction with Safenet.
+Usage:
+e = test encrypting and decrypting a string
+q = quit
+EOM
+puts help
+while (input = gets.strip) != "q"
+  case input
+    when "e"
+      puts "string to encrypt:"
+      input_data = gets.chomp
+      puts "encrypting: '#{input_data}'"
+      encrypted_data = DataSecureWrapper.encrypt(algorithm, key_name, initialization_vector, input_data)
+      decrypted_data = DataSecureWrapper.decrypt(algorithm, key_name, initialization_vector, encrypted_data)
+      puts "decrypted: '#{decrypted_data}'"
+    when "q"
+      exit
+    else
+      puts "command not recognized"
+  end
+puts help
+end

data/test/helper.rb ADDED Viewed

@@ -0,0 +1,23 @@
+require 'minitest/unit'
+require 'naoki'
+require '~/naoki_config'
+def one_time_setup
+  user_name = SAFENET_CONFIG[:username]
+  password =  SAFENET_CONFIG[:password]
+  algorithm = SAFENET_CONFIG[:algorithm]
+  key_name =  SAFENET_CONFIG[:key_name] # versioned key
+  initialization_vector = SAFENET_CONFIG[:initialization_vector]
+  properties_file = 'IngrianNAE.properties'
+  DataSecureWrapper.configure(properties_file)
+  DataSecureWrapper.open(user_name, password)
+  at_exit do
+    DataSecureWrapper.close
+  end
+end
+one_time_setup
+require 'minitest/autorun'

data/test/test_data_secure_wrapper.rb ADDED Viewed

@@ -0,0 +1,53 @@
+require 'helper'
+require 'stringio'
+class TestDataSecureWrapper < MiniTest::Unit::TestCase
+  def test_hello_world
+    expected = 'hello world!'
+    encrypted_data = encrypt(expected)
+    decrypted_data = decrypt(encrypted_data)
+    assert(expected == decrypted_data || "decrypted_string" == decrypted_data)
+  end
+  def test_documents
+    ds = Naoki::DataSecure.new(:document_store, SAFENET_CONFIG)
+    15.times do |idx|
+      str = '01234567'*(1 << idx)
+      encrypt_and_decrypt(ds, str.size, StringIO.new(str))
+    end
+  ensure
+    ds.close
+  end
+  private
+  def encrypt_and_decrypt(ds, size, unencrypted)
+    encrypted = StringIO.new
+    unencrypted_size = unencrypted.size
+    (read_bytes, written_bytes) = ds.encrypt_stream(unencrypted, encrypted)
+    assert_equal unencrypted_size, read_bytes
+    assert(read_bytes < written_bytes)
+    encrypted.rewind
+    decrypted = StringIO.new
+    (read_bytes, written_bytes) = ds.decrypt_stream(encrypted, decrypted)
+    unencrypted.rewind
+    decrypted.rewind
+    assert(read_bytes > written_bytes)
+    assert_equal(unencrypted.read, decrypted.read)
+  end
+  def decrypt(data)
+    DataSecureWrapper.decrypt(SAFENET_CONFIG[:algorithm], SAFENET_CONFIG[:key_name], SAFENET_CONFIG[:initialization_vector], data)
+  end
+  def encrypt(data)
+    DataSecureWrapper.encrypt(SAFENET_CONFIG[:algorithm], SAFENET_CONFIG[:key_name], SAFENET_CONFIG[:initialization_vector], data)
+  end
+end

metadata CHANGED Viewed

@@ -2,7 +2,7 @@
 name: naoki
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 1.0.19
+  version: 1.0.20
 platform: ruby
 authors:
 - Chris Apolzon
@@ -11,7 +11,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-05-04 00:00:00 -07:00
+date: 2011-06-20 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -36,13 +36,18 @@ extra_rdoc_files: []
 files:
 - .gitignore
+- .rvmrc
 - Gemfile
+- Rakefile
 - lib/data_secure_wrapper.rb
 - lib/libICAPI_32.so
 - lib/libICAPI_64.so
 - lib/naoki.rb
+- lib/naoki/data_secure.rb
 - naoki.gemspec
 - sample.rb
+- test/helper.rb
+- test/test_data_secure_wrapper.rb
 has_rdoc: true
 homepage: ""
 licenses: []